Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for using a token object to authenticate one or more computing operations requested to be performed on cloud-mediated data comprising the steps:
   (a) storing and managing the cloud-mediated data by a service provider enabling access to tenant data according to a service level agreement (SLA) between a tenant and the service provider of a cloud computing network, the SLA including stored data defining the scope of services offered, detailing all permitted operations that may be performed relative to the tenant's data and identifying who may perform the operations, wherein at least the SLA is used in token generation;
   (b) receiving an unauthorized request for access and operation on the tenant data, part or all of the request not contained within the SLA, at a control interface enabling the tenant access to and control over computing operations for the data owned by the tenant;
   (c) approving the request by interaction with the control interface by the tenant at least generating one or more new access tokens enabling performance of the request by at least embedding the requested operation in the generated access token, thereby modifying the stored data in the SLA;
   (d) activating the token for a period of time representing a time frame within which the data operation or operations must be completed; and
   (e) deactivating and storing the token after the stated operations are completed.
2. The method of claim 1, wherein in step (b), a system notification is sent to a tenant interface operated as a control dashboard interface.
3. The method of claim 1, wherein in step (c), hashes are generated for one or more of the newly generated access tokens, the hashes validating integrity of each token relevant to operations embedded in each one of the access tokens.
4. The method of claim 1, wherein in step (e) the deactivated token is reusable for the same operations it permits.
5. The method of claim 1, wherein the cloud-mediated data is stored on a public cloud-computing network based on an Infrastructure as a Service (IaaS) model.
6. The method of claim 1, wherein in step (e), the one or more newly generated access tokens are added to a token store containing and modifying the SLA in step (c) by incorporating one or more new operations into the SLA as one or more modifications.
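The token lifecycle of claim 1, steps (b) to (e), with the integrity hash of claim 3, sketched as an added example that is not taken from the patent or any implementation of it. The class and method names, the constructed signing key, and the use of HMAC-SHA256 for the claimed "hashes" are assumptions made for illustration.

```python
import copy
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-key"  # assumption: secret held by the service provider


class TokenStore:  # hypothetical name
    def __init__(self, sla_operations):
        self.sla = set(sla_operations)  # operations the SLA currently permits
        self.tokens = {}                # token id -> stored record

    def _digest(self, body):
        # Keyed hash over the whole token body, embedded operations included.
        msg = json.dumps(body, sort_keys=True).encode()
        return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()

    def needs_approval(self, operation):
        # Step (b): the request is not covered by the SLA as stored.
        return operation not in self.sla

    def approve(self, token_id, who, operations, ttl, now):
        # Steps (c) and (d): embed the approved operations, set the time window.
        body = {"id": token_id, "who": who, "ops": sorted(operations),
                "not_before": now, "not_after": now + ttl}
        token = {"body": body, "hash": self._digest(body)}
        self.tokens[token_id] = {"token": token, "active": True}
        self.sla |= set(operations)     # the approval modifies the stored SLA data
        return copy.deepcopy(token)     # caller's copy cannot alter the stored one

    def authorize(self, token, who, operation, now):
        body = token["body"]
        record = self.tokens.get(body["id"])
        if record is None or not record["active"]:
            return False                # unknown or deactivated token
        if not hmac.compare_digest(token["hash"], self._digest(body)):
            return False                # embedded operations or window were altered
        if not body["not_before"] <= now <= body["not_after"]:
            return False                # outside the activation window
        return who == body["who"] and operation in body["ops"]

    def deactivate(self, token_id):
        # Step (e): the token stops authorizing but stays in the store.
        self.tokens[token_id]["active"] = False
```
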
Unknown
August 21, 2018